Average Cost Per Breached Record Rises to $202
Related entries in Surveys & Reports
The Ponemon Institute has released its annual study on the Cost
of a Data Breach. The 2008 Study indicates that the total average costs of a data breach
continue to rise. The average cost per breached record is now $202; the average cost per breach
is $6.6 million.
The Ponemon Study tracks a wide range of cost factors that relate to data breaches: from
detection & notification to legal ramifications and customer loss (tangible or not). The first study
from four years ago helped to identify “direct, indirect and opportunity costs from the loss or
theft of personal information, thus requiring notification to breach victims as required by law or
The 2008 Study looks at the actual data breach experiences of 43 US companies across 17
industry sectors. This is a larger base sample to draw from, vs the 35 breaches studied in 2007.
The breaches in the survey ranged from 4,200 records to more than 113,000 records.
The average cost per breached record has gone up from $182 in 2006 to $197 in 2007 to $202
in 2008. The average total cost per reporting company was more than $6.6 million per breach (up
from $6.3 million in 2007). The range for costs was anywhere from $613,000 to $32 million.
“In these very tough economic times, businesses cannot afford to lose customers as a result of
breach. Although new data breaches are reported each week, and seem to be getting larger,
consumers have not become immune. While organizations have learned how to respond to a
breach more cost-effectively, customers are increasingly prone to terminate their business
relationship due to lost data, producing consistently higher abnormal churn rates.”
The costs of lost business has the highest impact on the per-record breach cost, accounting for
69% of data breach costs. According to the study, breach costs for first-timers (companies with
no previous breach history) are higher and that 85% of cases in the study involved companies